dnvThai

Reputation: 123

3-legs in OAuth 2.0

I'm making a program that uses the YouTube API for testing purposes. Because my program is an installed application, I've found a picture pointing out how to implement authentication.

It's what I have:

enter image description here

Immediately, I'm confused. According to this figure, I don't know why Google Servers just return an authorization code after user login and consent.

Why don't Google Servers return the token instantly?

Upvotes: 2

Views: 297

Answers (1)

Suraj

Reputation: 1705

You are confused because, I guess, you have missed the 3rd leg, the "User". The authorization code represents the user's consent.

The Google server returns the authorization code when the user grants permission to your app to get his/her data from the Google server (resource server). If the user denies the permission, the Google server won't generate the authorization code and your app won't be able to get an access token.

Another use of the authorization_code is to keep the resource owner's credentials secret. The authorization code is shared with the client, and the client exchanges that code for an access_token.

Find more information about OAuth 2.0 in this article.

Upvotes: 1
